Teen hacks 20 Tesla vehicles with shocking flaw; but Elon Musk and Tesla are not at fault!
On Monday, January 10, David Colombo, a computer security expert and self-proclaimed hacker, reported that he had managed to break into Tesla vehicles.
The Tesla hack was carried out by the teenage hacker from Germany, who claimed to have taken partial control of more than 20 Tesla vehicles in 13 countries around the world.
So I now have full remote control of over 20 Tesla’s in 10 countries and there seems to be no way to find the owners and report it to them…
— David Colombo (@david_colombo_) January 10, 2022
On Twitter, the 19-year-old hacker claimed he could disable sentry mode protection on these EVs, open windows and doors, control vehicle music and lights, and start keyless driving remotely.
The vulnerability was reported on Twitter by Colombo himself, who said the issue did not affect the company founded by Elon Musk, but rather Tesla owners.
According to reports, the hole was discovered in third-party software, allowing Colombo to open doors and windows, start automobiles without keys and disable security systems.
He further stated that the flaw allowed him to listen to the driver using Tesla’s internal cameras.
It’s not a weakness in Tesla’s system, but rather caused by Tesla owners and a third party, Colombo told DailyMail.com, indicating that the third-party software is to blame.
He then said he was in close communication with the Tesla Product Security team and the third-party service provider to coordinate the disclosure and notify affected owners, as well as provide a solution to patch the vulnerability.
The problem was identified in the system that stores the Tesla owners’ data needed to link the cars to the software.
Prize money for Tesla hack
Colombo then apologized for the inconvenience he caused.
I apologize for the inconvenience 😅 https://t.co/H7ZmalGvtB
— David Colombo (@david_colombo_) January 12, 2022
According to Silicon Republic, Tesla’s security team has confirmed that it is investigating the vulnerability, and MITRE’s Common Vulnerabilities and Exposures (CVE) team has “reserved a CVE” for this vulnerability.
TezLab, a companion app for Tesla EVs, said on Twitter on Wednesday, Jan. 12, that thousands of authentication tokens expired at the same time, forcing many TezLab users to log in again to re-establish a connection to their vehicles.
Tesla has a bug bounty program through Bugcrowd; for an eligible vulnerability, the company will pay up to $15,000.
Bugcrowd is a vulnerability disclosure site where security researchers can report suspected flaws in products and services.
As reported by the New York Post, the hacker later clarified and amended the statement, saying he had never been able to control the cars’ braking, steering or acceleration.
He also stated in subsequent tweets that he was potentially able to unlock the doors and begin driving the affected Teslas, but could not interfere with anyone driving other than by turning up the music or flashing the lights.
He also said that he couldn’t operate these Teslas remotely.
The viral Twitter thread garnered over 6,600 reactions, 1,300 shares and nearly 300 replies.
David Colombo is a cybersecurity expert, according to his LinkedIn account.
He claims he wrote his first piece of code when he was ten years old, and his organization’s goal is to help any business protect itself from threat actors in cyberspace.